New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon PAS-C01 Exam - Topic 3 Question 58 Discussion

Actual exam question for Amazon's PAS-C01 exam
Question #: 58
Topic #: 3
[All PAS-C01 Questions]

A company wants 10 migrate its SAP ERP landscape to AWS The company will use a highly available distributed deployment for the new architecture Clients will access SAP systems from a local data center through an AWS Site-to-Site VPN connection that is already in place An SAP solutions architect needs to design the network access to the SAP production environment

Which configuration approaches will meet these requirements? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: B, D

Option B is correct because it uses AWS Direct Connect gateway with multiple Direct Connect connections that use a link aggregation group (LAG) between the on-premises data center and AWS. This provides high availability and redundancy for the network connection, as well as increased bandwidth and lower latency. It also allows the use of an overlay IP address that is outside the production VPC CIDR range for the ASCS instance, which is recommended by SAP for high availability.

Option D is correct because it uses two redundant AWS Site-to-Site VPN connections for connectivity between the on-premises data center and AWS. This provides a backup connection in case one of the VPN connections fails. It also allows the use of an overlay IP address that is outside the production VPC CIDR range for the ASCS instance, which is recommended by SAP for high availability.

Option A is incorrect because it uses an overlay IP address that is within the production VPC CIDR range for the ASCS instance, which is not recommended by SAP for high availability. It also uses only one AWS Direct Connect connection, which does not provide redundancy or load balancing for the network connection.

Option C is incorrect because it uses Amazon Elastic File System (Amazon EFS) file system storage between the on-premises data center and AWS, which is not a network configuration for data transfer. It also uses an Application Load Balancer, which does not support TCP protocol for the ASCS instance.

Option E is incorrect because it uses an Application Load Balancer, which does not support TCP protocol for the ASCS instance. It also uses a target group that points to the overlay IP address, which is not necessary for the network access to the ASCS instance.


https://docs.aws.amazon.com/sap/latest/sap-hana/sap-oip-configuration-steps-for-network-load-balancer.html

https://blogs.sap.com/2021/07/26/step-by-step-how-to-cluster-sap-ascs-and-ers-on-windows-in-aws-using-wsfc-with-sios-datakeeper/

https://access.redhat.com/articles/3916511

by Rosalyn at Jun 14, 2025, 04:59 PM

Limited Time Offer

25%

Off

Get Premium PAS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kattie
2 months ago
I’m not sure about D, seems like it could complicate things unnecessarily.
upvoted 0 times
...
Omer
2 months ago
Wait, why would you want the overlay IP outside the VPC? That sounds risky.
upvoted 0 times
...
Wai
2 months ago
Option A seems solid, using the overlay IP within the VPC range is smart.
upvoted 0 times
...
Helaine
3 months ago
I think B is better, having the overlay IP outside the range makes more sense.
upvoted 0 times
...
Sanjuana
3 months ago
Definitely going with A and C for this setup.
upvoted 0 times
...
An
3 months ago
I think options with overlay IPs outside the VPC range might complicate routing, but I can't recall the exact implications.
upvoted 0 times
...
Zack
3 months ago
This question feels similar to one we practiced about load balancers and target groups. I wonder if the Network Load Balancer is the right choice here.
upvoted 0 times
...
Leonora
4 months ago
I'm not entirely sure, but I think using a Transit Gateway is crucial for managing the VPN connections effectively.
upvoted 0 times
...
Avery
4 months ago
I remember we discussed the importance of using an overlay IP address within the production VPC range for better routing efficiency.
upvoted 0 times
...
Leontine
4 months ago
I think I've got a good handle on this. The key is properly configuring the overlay IP address and the static route on the production VPC to ensure the traffic is routed correctly to the ASCS instance. I'll double-check my work, but I feel confident I can select the right answers.
upvoted 0 times
...
Margot
4 months ago
Based on the requirements, it looks like options A and B are the best choices. Using a transit gateway to route the communications between the local data center and the production VPC, and configuring the overlay IP address accordingly, seems like the most robust solution.
upvoted 0 times
...
Raymon
4 months ago
I'm a bit confused about the overlay IP address and how that fits into the overall architecture. I'll need to review the options carefully to make sure I select the right configuration approaches.
upvoted 0 times
...
Tyra
5 months ago
Okay, let me think this through. We need to design the network access to the SAP production environment, and the company is using a highly available distributed deployment on AWS. The key seems to be configuring the overlay IP address and the static route on the production VPC.
upvoted 0 times
...
Sharen
5 months ago
This question seems straightforward, but I want to make sure I understand the requirements correctly before I start answering.
upvoted 0 times
...
Chara
7 months ago
Options A and B definitely look the most promising. I wonder if the exam will try to trip us up with the other choices, though. Better double-check my work!
upvoted 0 times
...
Danica
7 months ago
I'm torn between A and B. Configuring the overlay IP address outside the VPC CIDR range seems like it might be a bit tricky, but it could work.
upvoted 0 times
Staci
5 months ago
B) For the ASCS instance configure an overlay IP address that is outside the production VPC CIDR range Create an AWS Transit Gateway Attach the VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance
upvoted 0 times
...
Timothy
5 months ago
A) For the ASCS instance configure an overlay IP address that is within the production VPC CIDR range Create an AWS Transit Gateway Attach the VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance
upvoted 0 times
...
Janella
6 months ago
User 2
upvoted 0 times
...
Madelyn
7 months ago
User 1
upvoted 0 times
...
...
Tennie
7 months ago
I'm pretty sure the correct answers are A and B. Those options use the Transit Gateway, which is the key to meeting the high availability requirement.
upvoted 0 times
...
Emily
7 months ago
I prefer option E. Using an Application Load Balancer can provide better load balancing for the SAP systems.
upvoted 0 times
...
Rodolfo
7 months ago
Haha, this question is like a treasure hunt! Gotta find the right combination of networking magic to make it work.
upvoted 0 times
Adria
7 months ago
E
upvoted 0 times
...
Adria
7 months ago
A
upvoted 0 times
...
...
Margarita
8 months ago
I agree with Rolland. Using a Transit Gateway and static routes seems like a good approach.
upvoted 0 times
...
Rolland
8 months ago
I think options A and B could meet the requirements.
upvoted 0 times
...
Marylou
8 months ago
Okay, let's see here... I think options A and B are the way to go. Using a Transit Gateway to route the traffic seems like the most reliable approach.
upvoted 0 times
Denny
6 months ago
Transit Gateway can help ensure smooth communication between the local data center and the production VPC.
upvoted 0 times
...
Luther
7 months ago
Yeah, it definitely seems like the most reliable option for this scenario.
upvoted 0 times
...
Domingo
7 months ago
I agree, using a Transit Gateway for routing is a solid choice.
upvoted 0 times
...
...
Graciela
8 months ago
Hmm, this question seems to cover a lot of AWS networking concepts. I'm going to need to think this through carefully.
upvoted 0 times
Timothy
8 months ago
B) For the ASCS instance configure an overlay IP address that is outside the production VPC ClDR range Create an AWS Transit Gateway Attach the VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance
upvoted 0 times
...
Martha
8 months ago
A) For the ASCS instance configure an overlay IP address that is within the production VPC ClDR range Create an AWS Transit Gateway Attach me VPN to the transit gateway Use the transit gateway to route the communications between the local data center and the production VPC Create a static route on the production VPC to route traffic that is directed to the overlay IP address to the ASCS instance
upvoted 0 times
...
...

Save Cancel